Connectivity requirements
Overview
This page shows the connectivity requirements of every Nexthink product. If you operate in a restricted environment, your network administrator must add the domains on this page to an allowlist.
Some Nexthink products allow you to use a secure or a non-secure channel for specific services. Depending on their configuration, you may need to allow connections through a port number that is different from what is shown here.
Your Nexthink URL pattern can be one of the following:
<instance>.<region>.nexthink.cloud
<instance>.data.<region>.nexthink.cloud
URL pattern description:
<instance>
- The name of the Nexthink instance.<region>
- The name of the localization of the instance:us
- United States.eu
- European Union.pac
- Asia-Pacific region.meta
- Middle East, Turkey, and Africa.
Ensure your firewall has TCP port 443 open for your Nexthink instance URL.
The following tables indicate the transport protocol for each connection. When an application protocol handles the connection over the transport layer, the application protocol name precedes the transport protocol name.
Web interface
443
HTTPS / TCP
OUT
Access to the Nexthink web inteface
Nextink instance Fully Qualified Domain Name (FQDN) link pattern:
<instance>.<region>.nexthink.cloud
https://instance.api.region.nexthink.cloud
443
HTTPS / TCP
OUT
Access to the Nexthink web interface with SAML-based authentication
Nextink instance FQDN link pattern:
https://<instance>-login.<region>.nexthink.cloud
–
443
HTTPS / TCP
OUT
Access to the Nexthink web interface for the authentication
oktacdn.com
–
Telemetry and monitoring
443
HTTPS / TCP
OUT
browser-intake-datadoghq.com
443
HTTPS / TCP
OUT
Access to Pendo telemetry
content.insights.nexthink.com
data.insights.nexthink.com
Collector
Port number
Protocol
Direction
Reason
443
WebSocket / TCP / HTTPS
OUT
Default communication channel to reach a Nexthink instance.
Also, the Windows Collector calls a Windows API method once every 24 hours. The API method triggers a connection for the client to the domain controller operations through TCP port 135. Service responses use ephemeral TCP ports in the 49152-65535 range.
Data export
Nexthink users can export the results of their investigations using the export function. Each user can perform one export at a time. Multiple users of the same Nexthink instance can run a maximum of five exports in parallel.
The data export generates a link to an export file. This is a pre-signed link to an Amazon Web Services (AWS) S3 bucket, which is valid for 10 minutes. The link uses Amazon virtual-hosted-style. See the following example to understand the link structure.
The following URLs are valid and static for each request:
https://aris-export-<region>-884848470805.s3.<region>.amazonaws.com
https://nxc-ch-data-export-884848470805-<region>-<cluster>.s3.<region>.amazonaws.com
Add these URLs to the allowlist of your firewall:
Change
<region>
in both places to the region of your tenant. For example:eu-west-2
Change
<cluster>
with the cluster of your tenant. For example:main
Data Enricher (classic)
53
DNS / UDP
OUT
Resolving destination names by reverse IP
–
389
LDAP / TCP
OUT
Connection to Active Directory (AD); non-secure
–
443
HTTPS / TCP
OUT
Send AD and DNS data
636
LDAPS / TCP
OUT
Connection to AD; secure
–
Finder (classic)
Nexthink Finder is a Windows-only desktop application. Its functionality is available within the Nexthink web interface. Nexthink can now be used directly from a browser, and most functions no longer require an additional desktop application.
25
SMTP / TCP
OUT
Send email in case of errors
–
80
HTTP / TCP
OUT
Connection to the documentation website
doc.nexthink.com
80
HTTP / TCP
OUT
Verification of security certificates
ocsp.verisign.com
443
HTTPS / TCP
OUT
Connection to the documentation website
doc.nexthink.com
docs.nexthink.com
443
WebSocket / TCP
OUT
User connection to the web interface
Nexthink instance FQDN
443
HTTPS / TCP
OUT
Application installation and software updates
Nexthink instance FQDN
443
HTTPS / TCP
OUT
Support telemetry
alib.nexthink.com
443
HTTPS / TCP
OUT
Connection to Nexthink Library
library.nexthink.com
Engine (classic)
If rule-based Collector assignment is turned on, the TCP channel of Collector also connects to the Nexthink web interface. Collectors use this connection to ask for their assigned Engine (classic). Collector can no longer use a UDP channel to send end-user analytics to the Engine (classic).
443
TCP
OUT
Send end-user analytics to the Engine (classic); coordination data and updates
Last updated